Vlans and cisco router

I have a Netgear managed switch and a Cisco 1750 router. I would like to set up 2 VLANs. The first one is a WAN, with a residential cable modem connected to it. The other VLAN is for my private LAN. I will then have the Cisco router connected to one port on the switch set up as a trunk. I'm no pro, but from what I've read so far, it should work that way, right? The part I need help with is setting up the Cisco router as a gateway and DNS proxy, accepting the dynamic IP, gateway, and DNS addresses from the cable modem.
I did see this http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Network%20Infrastructure&topic=Getting%20Started%20with%20LANs&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.1ddcef50
Router in a stick *write that down*, so my setup should work if I can figure out the router configuration. A good online tutorial or something would be helpful for this. I have plenty of Cisco books, but maybe something for dummies would help me get started, before digging into the tough stuff.

In order to set up inter vlan routing or a "router on a stick" with a netgear switch you will need a router that supports IEEE 802.1q VLAN Support.
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120t/120t1/8021q.htm#28767
On the router interface that is "trunked" to the switch you will need to have a configuration that looks like what I have below.
Router(config)#interface FastEthernet0/1.1
Router(config-subif)#encapsulation dot1Q 1 native
Router(config-subif)#ip address 10.xx.xx.16 255.255.255.xxx
Router(config-subif)#interface FastEthernet0/1.2
Router(config-subif)#encapsulation dot1Q 2
Router(config-subif)#ip address 10.xx.xx.130 255.255.255.xxx
The sub-interface 1."2" corresponds to the vlan id on the trunk. In this case the .2 is vlan 2.
I have attached a link that explains the intricate details on inter-VLAN routing below:
http://www.cisco.com/warp/public/473/50.shtml
Lastly you may want to check the Cisco IOS feature Navigator. I was looking at it and I did not see that the 1750 has IEEE 802.1q VLAN Support. It looks like the 1751 is the first platform in the 1700 series that does.

Similar Messages

  • Site-to-Site VPN between Cisco ASA 5505 (8.4) and Cisco Router (IOS 15.2)

    Hi, I'm trying to create Site-to-Site VPN between Cisco ASA 5505 and Cisco Router 3945.
    I've tried create configuration with and without ASA wizard, but anyway it doesn't work.
    Please help me to find where is the issue.
    I have two sites and would like to get access from 192.168.83.0 to 192.168.17.0
    192.168.17.0 --- S1.S1.S1.S1 (IOS Router) ==================== S2.S2.S2.S2 (ASA 5505) --- 192.168.83.0
    Here is my current configuration.
    Thanks for your help.
    IOS Configuration
    version 15.2
    crypto isakmp policy 1
    encr aes 256
    authentication pre-share
    group 2
    crypto isakmp key cisco address 198.0.183.225
    crypto isakmp invalid-spi-recovery
    crypto ipsec transform-set AES-SET esp-aes esp-sha-hmac
    mode transport
    crypto map static-map 1 ipsec-isakmp
    set peer S2.S2.S2.S2
    set transform-set AES-SET
    set pfs group2
    match address 100
    interface GigabitEthernet0/0
    ip address S1.S1.S1.S1 255.255.255.240
    ip nat outside
    ip virtual-reassembly in
    duplex auto
    speed auto
    crypto map static-map
    interface GigabitEthernet0/1
    ip address 192.168.17.1 255.255.255.0
    ip nat inside
    ip virtual-reassembly in
    duplex auto
    speed auto
    access-list 100 permit ip 192.168.17.0 0.0.0.255 192.168.83.0 0.0.0.255
    ASA Configuration
    ASA Version 8.4(3)
    interface Ethernet0/0
    switchport access vlan 2
    interface Vlan1
    nameif inside
    security-level 100
    ip address 192.168.83.1 255.255.255.0
    interface Vlan2
    nameif outside
    security-level 0
    ip address S2.S2.S2.S2 255.255.255.248
    ftp mode passive
    same-security-traffic permit intra-interface
    object network inside-network
    subnet 192.168.83.0 255.255.255.0
    object network datacenter
    host S1.S1.S1.S1
    object network datacenter-network
    subnet 192.168.17.0 255.255.255.0
    object network NETWORK_OBJ_192.168.83.0_24
    subnet 192.168.83.0 255.255.255.0
    access-list outside_access_in extended permit icmp any any echo-reply
    access-list outside_access_in extended deny ip any any log
    access-list outside_cryptomap extended permit ip 192.168.83.0 255.255.255.0 object datacenter-network
    pager lines 24
    logging enable
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    ip local pool vpn_pool 192.168.83.200-192.168.83.254 mask 255.255.255.0
    icmp unreachable rate-limit 1 burst-size 1
    no asdm history enable
    arp timeout 14400
    nat (inside,outside) source dynamic inside-network interface
    nat (inside,outside) source static inside-network inside-network destination static inside-network inside-network no-proxy-arp route-lookup
    nat (inside,outside) source static inside-network inside-network destination static datacenter-network datacenter-network no-proxy-arp route-lookup
    nat (inside,outside) source static NETWORK_OBJ_192.168.83.0_24 NETWORK_OBJ_192.168.83.0_24 destination static datacenter-network pdatacenter-network no-proxy-arp route-lookup
    access-group outside_access_in in interface outside
    route outside 0.0.0.0 0.0.0.0 DEFAULT_GATEWAY 1
    crypto ipsec ikev1 transform-set vpn-transform-set esp-3des esp-sha-hmac
    crypto ipsec ikev1 transform-set vpn-transform-set mode transport
    crypto ipsec ikev1 transform-set L2L_SET esp-aes esp-sha-hmac
    crypto ipsec ikev1 transform-set L2L_SET mode transport
    crypto dynamic-map dyno 10 set ikev1 transform-set vpn-transform-set
    crypto map vpn 1 match address outside_cryptomap
    crypto map vpn 1 set pfs
    crypto map vpn 1 set peer S1.S1.S1.S1
    crypto map vpn 1 set ikev1 transform-set L2L_SET
    crypto map vpn 20 ipsec-isakmp dynamic dyno
    crypto map vpn interface outside
    crypto isakmp nat-traversal 3600
    crypto ikev1 enable outside
    crypto ikev1 policy 10
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 20
    authentication pre-share
    encryption aes-256
    hash sha
    group 2
    lifetime 86400
    group-policy GroupPolicy_S1.S1.S1.S1 internal
    group-policy GroupPolicy_S1.S1.S1.S1 attributes
    vpn-tunnel-protocol ikev1
    group-policy remote_vpn_policy internal
    group-policy remote_vpn_policy attributes
    vpn-tunnel-protocol ikev1 l2tp-ipsec
    username artem password 8xs7XK3To4s5WfTvtKAutA== nt-encrypted
    username admin password rqiFSVJFung3fvFZ encrypted privilege 15
    tunnel-group DefaultRAGroup general-attributes
    address-pool vpn_pool
    default-group-policy remote_vpn_policy
    tunnel-group DefaultRAGroup ipsec-attributes
    ikev1 pre-shared-key *****
    tunnel-group DefaultRAGroup ppp-attributes
    authentication ms-chap-v2
    tunnel-group S1.S1.S1.S1 type ipsec-l2l
    tunnel-group S1.S1.S1.S1 general-attributes
    default-group-policy GroupPolicy_S1.S1.S1.S1
    tunnel-group S1.S1.S1.S1 ipsec-attributes
    ikev1 pre-shared-key *****
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny
      inspect sunrpc
      inspect xdmcp
      inspect sip
      inspect netbios
      inspect tftp
      inspect ip-options
      inspect icmp
    service-policy global_policy global
    prompt hostname context
    no call-home reporting anonymous
    Cryptochecksum:f55f10c19a0848edd2466d08744556eb
    : end

    Thanks for helping me again. I really appreciate.
    I don't have any NAT exemptions in the Cisco IOS router. I will change the transform-set soon, but I've tried with tunnel mode and it didn't work.
    Maybe the NAT exemption is the issue. Can you advise me which exemptions should be in the Cisco IOS router?
    Because on Cisco ASA I guess I have everything.
    Here is show crypto session detail
    router(config)#do show crypto session detail
    Crypto session current status
    Code: C - IKE Configuration mode, D - Dead Peer Detection
    K - Keepalives, N - NAT-traversal, T - cTCP encapsulation
    X - IKE Extended Authentication, F - IKE Fragmentation
    Interface: GigabitEthernet0/0
    Session status: DOWN
    Peer: 198.0.183.225 port 500 fvrf: (none) ivrf: (none)
          Desc: (none)
          Phase1_id: (none)
      IPSEC FLOW: permit ip 192.168.17.0/255.255.255.0 192.168.83.0/255.255.255.0
            Active SAs: 0, origin: crypto map
            Inbound:  #pkts dec'ed 0 drop 0 life (KB/Sec) 0/0
            Outbound: #pkts enc'ed 0 drop 0 life (KB/Sec) 0/0
    Should I see something in crypto isakmp sa?
    pp-border#sh crypto isakmp sa
    IPv4 Crypto ISAKMP SA
    dst             src             state          conn-id status
    IPv6 Crypto ISAKMP SA
    Thanks again for your help.

  • Administration of ASA5520 and cisco router mpls 1900

    Hi
    I just want to administer Cisco
    ASA5520 and Cisco router MPLS 1900
    Can someone tell me, as admin, what to check regularly as you get into the office on the Cisco ASA 5520 and VPN MPLS router? Right now it's working as configured by the supplier for remote sites to connect to HQ and access several servers
    My interest to know what are the basic day to day checkup on cisco asa5520 working as ips and cisco asa 5520 working as content filtering and cisco vpn mpls
    thx ,attached pic for ur view
    J

    Hello Malai,
    This question is subjective, I mean you can check the statistics on the CSC module for logs of the users going to blacklisted sites.
    You can check the CPU for the ASA's and IPS.
    You can monitor the amount of traffic traversing the interfaces of the ASA, you can determine which host is using most of the bandwidth, etc.
    It's pretty basic administration stuff
    Regards,
    Julio
    Rate all the helpful posts

  • IPSec ikev2 between ASA and Cisco Router

    Hi,
    i try to do IPSec with ikev2 (SHA2) between ASA and Cisco Router, without success. Any one can help me ?
    - Remote site (Router) with dynamic public IP -> Dynamic crypto map on the ASA
    - Authentication with Certificates
    - integrity sha2
    I try a lot of configurations without success.
    Thanks for your help.
    Mic

    The more secure ike policy should have the higher priority which is a smaller number. So I would configure there the following way (policy 30 only if really needed):
    crypto ikev1 policy 10
    authentication pre-share
    encryption aes-256
    hash sha
    group 5
    lifetime 28800
    crypto ikev1 policy 20
    authentication pre-share
    encryption aes-256
    hash sha
    group 2
    lifetime 28800
    crypto ikev1 policy 30
    authentication pre-share
    encryption aes
    hash sha
    group 2
    lifetime 43200
    The Cisco VPN Client is EOL and not supported any longer. And yes, by default DH group 2 is used. But that can be configured by a parameter in the PCF-file.
    There are two (three) better options:
    Best option with very little needed configuration:
    Move to AnyConnect with TLS. AnyConnect is the actual Cisco client that is also supported with Windows 8.x. The legacy IPsec client isn't.
    Best option with a little stronger crypto but more configuration:
    Move to AnyConnect with IPsec/IKEv2. 
    Move to a third-party client like shrew.net. I didn't use that client since a couple of years any more, but it's quite flexible and also has a config for a better DH-group.
    For option 1) and 2) there is an extra license needed, but that's not very expensive.
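The ordering rule in the reply above (stronger IKE policy gets the smaller number) can be checked mechanically. This is an added example, not code from the poster or from Cisco; the strength rankings and the lexicographic comparison (encryption, then DH group, then hash) are assumptions made for the illustration. The first sample is the reply's own three policies, the second is the ASA 8.4 policy pair from the site-to-site thread earlier on this page.

```python
import re

# Assumed strength rankings for this example (higher = stronger).
ENC_RANK = {"des": 0, "3des": 1, "aes": 2, "aes-192": 3, "aes-256": 4}
DH_RANK = {"1": 0, "2": 1, "5": 2, "14": 3}
HASH_RANK = {"md5": 0, "sha": 1}

POLICY_RE = re.compile(r"^crypto ikev1 policy (\d+)$")
FIELDS = {"authentication", "encryption", "hash", "group", "lifetime"}


def parse_ikev1_policies(config_text):
    """Return {priority: {field: value}} for every 'crypto ikev1 policy N' block."""
    policies, current = {}, None
    for raw in config_text.splitlines():
        parts = raw.split()
        header = POLICY_RE.match(" ".join(parts))
        if header:
            current = policies.setdefault(int(header.group(1)), {})
        elif current is not None and len(parts) == 2 and parts[0] in FIELDS:
            current[parts[0]] = parts[1]
        else:
            current = None  # any other line ends the policy block
    return policies


def strength(policy):
    """Comparable tuple; unknown or missing values rank lowest (-1)."""
    return (ENC_RANK.get(policy.get("encryption"), -1),
            DH_RANK.get(policy.get("group"), -1),
            HASH_RANK.get(policy.get("hash"), -1))


def misordered(policies):
    """Pairs (higher_priority, lower_priority) where the lower-priority
    policy (larger number) is stronger than the one evaluated before it."""
    ordered = sorted(policies)
    return [(hi, lo) for hi, lo in zip(ordered, ordered[1:])
            if strength(policies[lo]) > strength(policies[hi])]


# Policies as suggested in the reply above.
REPLY_POLICIES = """\
crypto ikev1 policy 10
authentication pre-share
encryption aes-256
hash sha
group 5
lifetime 28800
crypto ikev1 policy 20
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 28800
crypto ikev1 policy 30
authentication pre-share
encryption aes
hash sha
group 2
lifetime 43200
"""

# Policies from the ASA 8.4(3) configuration posted earlier on this page.
ASA_84_POLICIES = """\
crypto ikev1 enable outside
crypto ikev1 policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 20
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
group-policy GroupPolicy_S1.S1.S1.S1 internal
"""

if __name__ == "__main__":
    for name, text in (("reply", REPLY_POLICIES), ("asa-8.4", ASA_84_POLICIES)):
        print(name, misordered(parse_ikev1_policies(text)))
```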

  • Routing Cisco Cat 2912 VLAN and Cisco 2621

    I have a wireless network using 5054 (Proxim). Routing on the units is not very good. I want to route everything using the Cisco router.
    How can I start routing using a Cisco Catalyst 2912-XL-E and a Cisco 1750 or 2621?
    The attachment has my existing network and what I want the new network to be.
    Ed

    1750 does not support trunking and hence you can use the 2621 instead. Refer to the following tech tip
    http://www.cisco.com/warp/public/473/50.shtml

  • Help config vlan and inter routing vlan on 2 switches SF300-24 ???

    Dear Cisco!
    now we have 2 switches: SF300-24
    on one SF300-24 we config it at layer 3 mode with VLAN configuration same as following
    VLAN ID 2 (ports: 2 -6) have ip interface  192.168.2.254/24
    VLAN ID 3 (ports: 7 - 10) have ip interface  192.168.3.254/24
    VLAN ID 4 (ports 11- 15 ) have ip interface  192.168.4.254/24
    and VLAN 1 default have IP address: 192.168.1.200
    DHCP relay  - DHCP server 192.168.3.1
                       - DHCP relay: VLAN2; VLAN3; VLAN4
    ip route: 0.0.0.0   0.0.0.0  192.168.3.1
    all ports of VLAN2, VLAN3, VLAN4 set access mode.
    and another SF300-24
    was configured at layer 2. We config VLAN ID 2 have ports 2 -6; VLAN ID 3 ports 7 -10; VLAN ID 4 port 11-15, too.
    And we use port 26 on 2 switches SF300-24 is trunk mode then we connect both SF300-24 switches.
    But on SF300-24 layer 2 can't understand VLAN from SF300-24 layer 3!!!
    Could you please help me check this situation?
    How to config VLAN on 2 switches SF300-24 Layer 3 and SF300-24 layer 2?
    Thanks!
    See you soon!

    Son Nquyen,
    First i would upgrade to 1.1.8 since the 1.0.0.27 was beta code.
    Next, when connecting both switches together each port will need to be set to Trunk mode with the proper native VLAN and tagged VLAN traffic. What's the configuration of your trunk ports on each switch?
    Thanks,
    Jasbryan.

  • Connecting 2 routers: T1 Router and Cisco Router

    Hi, thanks for reading this.
    My company has a T1 line that goes into the provider's Netopia router. I'd like to connect that router to our Cisco 1811 router to take advantage of the firewall, DHCP, VLAN, and NAT features. So, this is what I'm trying to do:
    Internet -- T1 Router -- Cisco 1811 -- Servers and Workstations
    The Netopia router is a T1 router with 1 WAN port and 8 built-in Ethernet ports. The Cisco 1811 has 2 WAN FE ports and 8 Managed Switch ports.
    First of all, I'd like to ask if this is even possible to do. If it is, please tell me how to physically connect the routers (what port to what port, and what kind of cable).
    Thank you.

    I don't know the Netopia routers but what you want to do should be possible. On the physical level you have to connect one of the Netopia ethernet ports to one of the WAN FE ports, probably using an ethernet cross-over cable.
    Now comes the fun part: configuration.

  • Not able to telnet or ssh to outside interface of ASA and Cisco Router

    Dear All
    Please help me with following question, I have set up testing lab, but still not work.
    it is Hub and spoke site to site vpn case, connection between hub and spoke is metro-E, so we are using private ip for outside interface at each site.
    Hub -- Juniper SRX
    Spoke One - Cisco ASA with version 9.1(5)
    spoke two - Cisco router with version 12.3
    Site to site VPN has been successfully established. Customer would like to telnet/ssh to spoke's outside IP from Hub (using Hub's outside interface as source for telnet/ssh), or vice versa. Reason for setting up like this is they want to be able to make configuration changes even when the site to site VPN is down. Sounds like an easy job to do, I tried for a long time, searched this forum and Google too, but it still does not work.
    Now I can successfully telnet/ssh to Hub SRX's outside interface from spoke (ASA has no telnet/ssh client, tested using Cisco router).
    Anyone has ever done it before, please help to share your exp. Does Cisco ASA or router even support it?
    When I tested it, of course the site to site VPN was still up and running.
    Thanks
    YK

    Hello YK,
    On this case on the ASA, you should have the following:
    Configuring Management Access Over a VPN Tunnel
    If your VPN tunnel terminates on one interface, but you want to manage the ASA by accessing a different interface, you can identify that interface as a management-access interface. For example, if you enter the ASA from the outside interface, this feature lets you connect to the inside interface using ASDM, SSH, Telnet, or SNMP; or you can ping the inside interface when entering from the outside interface. Management access is available via the following VPN tunnel types: IPsec clients, IPsec LAN-to-LAN, and the AnyConnect SSL VPN client.
    To specify an interface as a management-only interface, enter the following command:
    hostname(config)# management-access management_interface
    where management_interface specifies the name of the management interface you want to access when entering the security appliance from another interface.
    You can define only one management-access interface.
    Also make sure you have the pertinent configuration for SSH, telnet, ASDM and SNMP(if required), for a quick test you can enable on your lab Test:
      SSH
    - ssh 0 0 outside
    - aaa authentication ssh console LOCAL
    - Make sure you have a default RSA key, or create a new one either ways, with this command:
        *crypto key generate rsa modulus 2048
    Telnet
    - telnet 0 0 outside
    - aaa authentication telnet console LOCAL
    Afterwards, if this works you can define the subnets that should be permitted.
    On the router:
    !--- Step 1: Configure the hostname if you have not previously done so.
    hostname Router
    !--- aaa new-model causes the local username and password on the router
    !--- to be used in the absence of other AAA statements.
    aaa new-model
    username cisco password 0 cisco
    !--- Step 2: Configure the router's DNS domain.
    ip domain-name yourdomain.com
    !--- Step 3: Generate an SSH key to be used with SSH.
    crypto key generate rsa
    ip ssh time-out 60
    ip ssh authentication-retries 3
    !--- Step 4: By default the vtys' transport is Telnet. In this case, 
    !--- Telnet and SSH is supported with transport input all
    line vty 0 4
    transport input All
    *!--- Instead of aaa new-model, the login local command may be used.
    no aaa new-model
    line vty 0 4
      login local
    Let me know how it works out!
    Please don't forget to Rate and mark as correct the helpful Post!
    David Castro,
    Regards,
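The reply above calls its `ssh 0 0 outside` / `telnet 0 0 outside` lines a quick lab test and says to restrict the permitted subnets afterwards. The following added example (not part of the original post, and not a Cisco tool) reviews a configuration for exactly those lab-only settings before it leaves the lab: management access open to any source, Telnet enabled, and a local user stored with a type 0 password. The rule names and the hardened sample are assumptions made for the illustration; the first two samples are assembled from the lines in the reply.

```python
import re

# ASA management ACL line: "<ssh|telnet> <source> <mask> <interface>"
ASA_MGMT_RE = re.compile(r"^(ssh|telnet)\s+(\S+)\s+(\S+)\s+(\S+)$", re.I)
# IOS local user whose password is stored as type 0 (cleartext)
IOS_USER_RE = re.compile(r"^username\s+(\S+)\s+password\s+0\s+\S+", re.I)
ADDRESS_RE = re.compile(r"^[\d.]+$")
ANY = {"0", "0.0.0.0"}


def audit_management_plane(config_text):
    """Return a list of (line_number, rule, detail) findings."""
    findings = []
    line_ctx = ""  # last "line ..." header seen (IOS line configuration)
    for no, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        low = line.lower()

        acl = ASA_MGMT_RE.match(line)
        if acl and ADDRESS_RE.match(acl.group(2)) and ADDRESS_RE.match(acl.group(3)):
            if acl.group(1).lower() == "telnet":
                findings.append((no, "TELNET_ENABLED", line))
            if acl.group(2) in ANY and acl.group(3) in ANY:
                findings.append((no, "MGMT_ANY_SOURCE", line))
            continue

        user = IOS_USER_RE.match(line)
        if user:
            # Report the account name only, never echo the password itself.
            findings.append((no, "CLEARTEXT_PASSWORD", "user " + user.group(1)))
        elif low.startswith("line "):
            line_ctx = low
        elif low.startswith("transport input") and line_ctx.startswith("line vty"):
            protocols = low.split()[2:]
            if "all" in protocols or "telnet" in protocols:
                findings.append((no, "TELNET_ENABLED", line))
    return findings


# ASA lines from the reply, plus one constructed restricted entry (last line).
ASA_LAB = "\n".join([
    "ssh 0 0 outside",
    "aaa authentication ssh console LOCAL",
    "telnet 0 0 outside",
    "aaa authentication telnet console LOCAL",
    "ssh 192.168.83.0 255.255.255.0 inside",
])

# IOS lines from the reply, comments removed.
IOS_LAB = "\n".join([
    "hostname Router",
    "aaa new-model",
    "username cisco password 0 cisco",
    "ip domain-name yourdomain.com",
    "ip ssh time-out 60",
    "ip ssh authentication-retries 3",
    "line vty 0 4",
    "transport input All",
    "line vty 0 4",
    "login local",
])

# Constructed hardened counterpart: hashed secret, SSH-only vty, scoped source.
HARDENED = "\n".join([
    "username admin privilege 15 secret 5 <hash-placeholder>",
    "ssh 192.168.1.0 255.255.255.0 INSIDE",
    "ssh timeout 5",
    "line con 0",
    "line vty 0 4",
    "transport input ssh",
])

if __name__ == "__main__":
    for name, text in (("asa-lab", ASA_LAB), ("ios-lab", IOS_LAB), ("hardened", HARDENED)):
        print(name, audit_management_plane(text))
```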

  • Time Capsule and Cisco router

    Will Time Capsule work with a Cisco Router E4200 that is connected to a Worldbook NAS?
    I do not need it to serve as a router, only a systematic backup solution for all of our Macs in the network.  We use the NAS as a company client File store and share internally to our staff.

    The TC can be bridged and plonked into the network with no problems.
    Decide how you will treat wireless.. you can handle it several different ways.. but completely off might be best. Or if you are buying a new AC model, then turn off the wireless in the E4200 and see if the TC works better.
    Or if you have some ethernet cabling.. place the TC in wireless dark area and set it up in roaming profile.
    That means you set the same SSID=Wireless name. Same Security WPA2 AES = WPA2 Personal. Same password. But lock channels on both devices.. make sure each is as far apart as possible.. so for example for 2.4ghz wireless set one to channel 1 and the other to channel 11. For 5ghz similarly set them sufficiently far apart that there can be no overlap.

  • OS X 10.6.8 and Cisco Router WRT110

    Just upgraded my Macbook Pro to OS X 10.6.8 and am having to reboot my Cisco router continuously to maintain internet connectivity.  Is it the 2 year old router?

    Make sure your firmware is updated for the router.

  • Site-Site VPN PIX501 and CISCO Router

    Hello Experts,
    I'm having a test lab at home, I configure a site-to-site VPN using Cisco PIX501 and CISCO2691 router. For the configurations I just used some links on the internet because my background on VPN configuration is not too good. For the router's configuration I follow this link:
    www.firewall.cx/cisco-technical-knowledgebase/cisco-routers/867-cisco-router-site-to-site-ipsec-vpn.html
    and for the PIX configuration I just use the VPN wizard of PIX. Done all the configurations but ping is unsuccessful. Hope you can help me with this, don't know what needs to be done here (Troubleshooting).
    Attached here is my router's configuration, topology as well as the pix configuration. Hope you can help me w/ this. Thanks in advance.

    YES! IT FINALLY WORKS NOW! Here's the updated running-config
    : Saved
    PIX Version 7.2(2)
    hostname PIX
    domain-name aida.com
    enable password 2KFQnbNIdI.2KYOU encrypted
    names
    name 172.21.1.0 network2 description n2
    interface Ethernet0
    speed 100
    duplex full
    nameif OUTSIDE
    security-level 0
    ip address 1.1.1.1 255.255.255.252
    interface Ethernet1
    nameif INSIDE
    security-level 100
    ip address 192.168.1.1 255.255.255.0
    interface Ethernet2
    shutdown
    no nameif
    no security-level
    no ip address
    interface Ethernet3
    shutdown
    no nameif
    no security-level
    no ip address
    interface Ethernet4
    shutdown
    no nameif
    no security-level
    no ip address
    passwd 2KFQnbNIdI.2KYOU encrypted
    ftp mode passive
    dns server-group DefaultDNS
    domain-name aida.com
    access-list TO_ENCRYPT_TRAFFIC extended permit ip 192.168.1.0 255.255.255.0 network2 255.255.255.0
    access-list nonat extended permit ip 192.168.1.0 255.255.255.0 network2 255.255.255.0
    pager lines 24
    mtu OUTSIDE 1500
    mtu INSIDE 1500
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    asdm image flash:/asdm-524.bin
    no asdm history enable
    arp timeout 14400
    global (OUTSIDE) 1 interface
    nat (INSIDE) 0 access-list nonat
    nat (INSIDE) 1 192.168.1.0 255.255.255.0
    route OUTSIDE 0.0.0.0 0.0.0.0 1.1.1.1 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout uauth 0:05:00 absolute
    username mark password MwHKvxGV7kdXuSQG encrypted
    http server enable
    http 192.168.1.3 255.255.255.255 INSIDE
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec transform-set MYSET esp-3des esp-sha-hmac
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto map MYMAP 10 match address TO_ENCRYPT_TRAFFIC
    crypto map MYMAP 10 set peer 2.2.2.2
    crypto map MYMAP 10 set transform-set MYSET
    crypto map MYMAP interface OUTSIDE
    crypto isakmp enable OUTSIDE
    crypto isakmp policy 1
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    tunnel-group 2.2.2.2 type ipsec-l2l
    tunnel-group 2.2.2.2 ipsec-attributes
    pre-shared-key *
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    prompt hostname context
    Cryptochecksum:8491323562e3f1a86ccd4334cd1d37f6
    : end
    ROUTER:
    R9#sh run
    Building configuration...
    Current configuration : 3313 bytes
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname R9
    boot-start-marker
    boot-end-marker
    aaa new-model
    aaa authentication login default local
    aaa authorization config-commands
    aaa authorization exec default local
    aaa session-id common
    resource policy
    memory-size iomem 5
    ip cef
    no ip domain lookup
    ip domain name aida.com
    ip ssh version 2
    crypto pki trustpoint TP-self-signed-998521732
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-998521732
    revocation-check none
    rsakeypair TP-self-signed-998521732
    crypto pki certificate chain TP-self-signed-998521732
    A75B9F04 E17B5692 35947CAC 0783AD36 A3894A64 FB6CE1AB 1E3069D3
      A818A71C 00D968FE 3AA7463D BA3B4DE8 035033D5 0CA458F3 635005C3 FB543661
      9EE305FF 63
      quit
    username mark privilege 15 secret 5 $1$BTWy$PNE9BFeWm1SiRa/PiO9Ak/
    crypto isakmp policy 1
    encr 3des
    authentication pre-share
    group 2
    crypto isakmp key cisco address 1.1.1.1 255.255.255.252
    crypto ipsec transform-set MYSET esp-3des esp-sha-hmac
    crypto map MYMAP 10 ipsec-isakmp
    set peer 1.1.1.1
    set transform-set MYSET
    match address TO_ENCRYPT_TRAFFIC
    interface FastEthernet0/0
    ip address 2.2.2.2 255.255.255.252
    ip nat outside
    ip virtual-reassembly
    duplex auto
    speed auto
    crypto map MYMAP
    interface FastEthernet0/1
    ip address 172.21.1.1 255.255.255.0
    ip nat inside
    ip virtual-reassembly
    duplex auto
    speed auto
    ip route 0.0.0.0 0.0.0.0 2.2.2.1
    ip http server
    ip http authentication local
    ip http secure-server
    ip nat inside source list NAT_IP interface FastEthernet0/0 overload
    ip access-list extended NAT_IP
    deny   ip 172.21.1.0 0.0.0.255 192.168.1.0 0.0.0.255
    permit ip 172.21.1.0 0.0.0.255 any
    ip access-list extended TO_ENCRYPT_TRAFFIC
    permit ip 172.21.1.0 0.0.0.255 192.168.1.0 0.0.0.255
    control-plane
    line con 0
    exec-timeout 0 0
    logging synchronous
    line aux 0
    line vty 0 4
    transport input ssh
    end

  • Cisco IP 7960 and Cisco Router 2611....

    Greetings,
    I currently have 2 IP phones and a 2611 series router running 2600-ik902s2-mz.122-15.t5 IOS... Can anyone point me in the right direction on where/or how to start building a mini voice network? Any links, tutorials, info, advice would be greatly appreciated.
    Thanks,
    Gabe

    Hi
    The best thing to setup a mini voip network would be to use the ITS solution where your IP phones will register directly with the 2611 router. The 2611 would act as a mini call manager where these ip phones talk to the router through skinny protocol and your outgoing calls can still go out through your FXO or digital port to the PSTN.
    I would suggest to review the following doc. It is fairly complete.
    http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide_book09186a008017fd13.html
    If you don't have voice mail, you don't have to worry about that. The above URL is for ITS version 2.1. If you want to run the latest ITS version (3.0) you would need 12.2.15ZJ1 IOS on the router and the information can be found at:
    http://www.cisco.com/en/US/products/sw/iosswrel/ps5012/products_feature_guide_book09186a00801812e4.html
    Hope that helps.

  • Help config vlan and inter routing vlan on SF-300

    Hello All.
    I have divided the problem in Routing "SF-300 (Layer 3) can be connected to the Gateway." I did not want to put the Gateway. Injury I ever met with Packet Tracer 5. Can I attach a file. Leave all to me.
    Thank you.
    ### config -code
    ip routing
    vlan 10
    vlan 20
    vlan 30
    interface FastEthernet0/1
    switchport access vlan 10
    switchport mode access
    interface FastEthernet0/6
    switchport access vlan 20
    switchport mode access
    interface FastEthernet0/11
    switchport access vlan 30
    switchport mode access
    interface Vlan10
    ip address 192.168.10.1 255.255.255.0
    interface Vlan20
    ip address 192.168.20.1 255.255.255.0
    interface Vlan30
    ip address 192.168.30.1 255.255.255.0

    Hi Suwatchai, I'm not sure what you are asking.
    On my first post, there are 2 different IP subnets. How I understand you, you would like the computer 1 on FA1 to talk to computer 2 on FA6 which are 2 different subnets. Using your example config on the original post, the computers should have an IP configuration such as stated
    Computer on fa1.
    IP 192.168.10.100
    Gateway 255.255.255.0
    Mask 192.168.10.1
    Computer on Fa6
    IP 192.168.20.100
    Gateway 192.168.20.1
    Mask 255.255.255.0
    These IP addresses do not have to be your selection. They only have to be in the proper subnet with the correct gateway address. The gateway and subnet mask are not negotiable, the IP address is. Assuming the NIC on each computer is configured correctly based off that switch config output, this should work without any issue. If it fails to work, it is most likely an external factor as to why.
    -Tom
    Please mark answered for helpful posts

  • SG200-50P and Cisco Router Issue

    I have just recently replaced a WS-CE500-24LC switch with a SG200-50P.  I have plugged in a Cisco 1760 router with a fast ethernet into the switch.  On the console of the router I now see these messages:
    Jun 30 16:17:30.492: %PQUICC_ETHER-1-LOSTCARR: Unit 0, lost carrier. Transceiver
    problem?
    cisco1760#
    Jun 30 16:18:30.495: %PQUICC_ETHER-1-LOSTCARR: Unit 0, lost carrier. Transceiver
    problem?
    cisco1760#
    What does this mean and how do I fix the issue.  As far as I am aware both ends of the link are set to autonegotiate the speed and duplex.
    Thanks for helping.

    Dave,
    1.  Thanks for explaining what the error message means.  I never saw this message when the router was plugged into the WS-CE500-24LC switch.
    2.  I did upgrade to the new firmware, even before I had connected the router to the switch.  I also replaced the cable.  It did not fix the issue.
    3a.  Other than the log messages every minute, I do see any impact to the network that I am aware of.
    Interface counts:
    cisco1760#sh int fastEthernet 0/0
    FastEthernet0/0 is up, line protocol is up
      Hardware is PQUICC_FEC, address is 000c.ce05.d68c (bia 000c.ce05.d68c)
      Description: "Primary LAN Segment"
      MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
         reliability 255/255, txload 2/255, rxload 2/255
      Encapsulation ARPA, loopback not set
      Keepalive set (10 sec)
      Full-duplex, 100Mb/s, 100BaseTX/FX
      ARP type: ARPA, ARP Timeout 04:00:00
      Last input 00:00:00, output 00:00:00, output hang never
      Last clearing of "show interface" counters never
      Input queue: 0/75/948/0 (size/max/drops/flushes); Total output drops: 0
      Queueing strategy: fifo
      Output queue: 0/40 (size/max)
      5 minute input rate 895000 bits/sec, 245 packets/sec
      5 minute output rate 978000 bits/sec, 293 packets/sec
         199852941 packets input, 838336294 bytes
         Received 1945096 broadcasts, 0 runts, 0 giants, 0 throttles
         482 input errors, 0 CRC, 0 frame, 482 overrun, 0 ignored
         0 watchdog
         0 input packets with dribble condition detected
         234783382 packets output, 4015540432 bytes, 9 underruns
         9 output errors, 0 collisions, 13 interface resets
         0 babbles, 0 late collision, 0 deferred
         0 lost carrier, 0 no carrier
         0 output buffer failures, 0 output buffers swapped out
    A minute later...
    cisco1760#sh int fastEthernet 0/0
    FastEthernet0/0 is up, line protocol is up
      Hardware is PQUICC_FEC, address is 000c.ce05.d68c (bia 000c.ce05.d68c)
      Description: "Primary LAN Segment"
      MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
         reliability 255/255, txload 2/255, rxload 2/255
      Encapsulation ARPA, loopback not set
      Keepalive set (10 sec)
      Full-duplex, 100Mb/s, 100BaseTX/FX
      ARP type: ARPA, ARP Timeout 04:00:00
      Last input 00:00:00, output 00:00:00, output hang never
      Last clearing of "show interface" counters never
      Input queue: 0/75/948/0 (size/max/drops/flushes); Total output drops: 0
      Queueing strategy: fifo
      Output queue: 0/40 (size/max)
      5 minute input rate 878000 bits/sec, 238 packets/sec
      5 minute output rate 962000 bits/sec, 286 packets/sec
         199880510 packets input, 851437952 bytes
         Received 1945469 broadcasts, 0 runts, 0 giants, 0 throttles
         482 input errors, 0 CRC, 0 frame, 482 overrun, 0 ignored
         0 watchdog
         0 input packets with dribble condition detected
         234816750 packets output, 4029944015 bytes, 9 underruns
         9 output errors, 0 collisions, 13 interface resets
         0 babbles, 0 late collision, 0 deferred
         0 lost carrier, 0 no carrier
         0 output buffer failures, 0 output buffers swapped out
    cisco1760#
    It appears that just the byte and packet counts are increasing.  Nothing shown in the log of the SG200-50P.  Logging level set to informational in RAM.
    I set both sides to 10 M / half-duplex and that also did not affect the messages.
    Do you have any thoughts on the carrier-delay or keepalive settings on the fast ethernet interface of the router?
    Thanks.
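
The comparison made in the post above (two `show interface` snapshots a minute apart, checking which counters move) can be scripted. This is an added example, not part of the original post; the 32-bit counter rollover and the helper names are assumptions.

```python
import re

# Counter lines from the two "show interface" snapshots in the post above,
# taken a minute apart (values copied from the page, other lines trimmed).
SNAP_1 = """\
     199852941 packets input, 838336294 bytes
     482 input errors, 0 CRC, 0 frame, 482 overrun, 0 ignored
     234783382 packets output, 4015540432 bytes, 9 underruns
     9 output errors, 0 collisions, 13 interface resets
     0 lost carrier, 0 no carrier
"""
SNAP_2 = """\
     199880510 packets input, 851437952 bytes
     482 input errors, 0 CRC, 0 frame, 482 overrun, 0 ignored
     234816750 packets output, 4029944015 bytes, 9 underruns
     9 output errors, 0 collisions, 13 interface resets
     0 lost carrier, 0 no carrier
"""

FIELD = re.compile(r"(\d+)\s+([A-Za-z][A-Za-z ]*[A-Za-z])")
WRAP = 2 ** 32  # assumption: these counters are 32-bit and roll over
TRAFFIC = ("packets input", "packets output")  # prefixes of normal traffic counters


def parse_counters(text):
    """Map counter name -> value; 'bytes' is qualified by its line's first counter."""
    counters = {}
    for line in text.splitlines():
        fields = FIELD.findall(line)
        if not fields:
            continue
        lead = fields[0][1]
        for value, name in fields:
            key = f"{lead} bytes" if name == "bytes" else name
            counters[key] = int(value)
    return counters


def deltas(before, after):
    """Wrap-aware change of every counter present in both snapshots."""
    return {k: (after[k] - before[k]) % WRAP for k in before if k in after}


def error_deltas(before, after):
    """Only the non-traffic counters that moved between the snapshots."""
    return {k: d for k, d in deltas(before, after).items()
            if d and not k.startswith(TRAFFIC)}


if __name__ == "__main__":
    a, b = parse_counters(SNAP_1), parse_counters(SNAP_2)
    for name, d in deltas(a, b).items():
        print(f"{name:22} +{d}")
    print("error counters that moved:", error_deltas(a, b) or "none")
```

The parser expects only the counter block of the output; header lines such as the MTU or rate lines should be trimmed before feeding it.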

  • Voip with hipath siemens 3800 and cisco router 2951

    Hi all,
    We have a project with a customer, and we must implement a VoIP solution in their structure. They have a Siemens HiPath 3800 and I want to know if it works with the Cisco 2951. If yes, how? Is there a special configuration for this? And does this solution support all features of VoIP?
    thanks for your attention.
    Walid zahri

    Hello, walidit01. 
    Check this link (http://cs.co/9000qMpY) for interoperability updates for CUCM Express. Are you already working with any Cisco partner or vendor for your client project?
    Let me know if you have other concerns or e-mail ([email protected]) me directly. 
    Kind regards. 
